Accepting request 869843 from home:bfrogers:branches:Virtualization

- Include upstream patches designated as stable material and
  reviewed for applicability to include here
  block-Separate-blk_is_writable-and-blk_s.patch
  hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch
  hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch
  hw-timer-slavio_timer-Allow-64-bit-acces.patch
  net-Fix-handling-of-id-in-netdev_add-and.patch
  target-arm-Don-t-decode-insns-in-the-XSc.patch
  target-arm-Fix-MTE0_ACTIVE.patch
  target-arm-Introduce-PREDDESC-field-defi.patch
  target-arm-Update-PFIRST-PNEXT-for-pred_.patch
  target-arm-Update-REV-PUNPK-for-pred_des.patch
  target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch
  tcg-Use-memset-for-large-vector-byte-rep.patch
  ui-vnc-Add-missing-lock-for-send_color_m.patch
  virtio-move-use-disabled-flag-property-t.patch
- binutils v2.36 has changed the handling of the assembler's
  -mx86-used-note, resulting in a build failure. To compensate, we
  now explicitly specify -mx86-used-note=no in the seabios Makefile
  (boo#1181775)
  build-be-explicit-about-mx86-used-note-n.patch

OBS-URL: https://build.opensuse.org/request/show/869843
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=614
Bruce Rogers 2021-02-05 19:59:39 +00:00 committed by Git OBS Bridge
parent 1835003597
commit a8263c0693
24 changed files with 1556 additions and 89 deletions


@ -0,0 +1,481 @@
From: Kevin Wolf <kwolf@redhat.com>
Date: Mon, 18 Jan 2021 13:34:47 +0100
Subject: block: Separate blk_is_writable() and blk_supports_write_perm()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 86b1cf322789b79c8ace977430ac6a443d491cc0
Currently, blk_is_read_only() tells whether a given BlockBackend can
only be used in read-only mode because its root node is read-only. Some
callers actually try to answer a slightly different question: Is the
BlockBackend configured to be writable, by taking write permissions on
the root node?
This can differ, for example, for CD-ROM devices which don't take write
permissions, but may be backed by a writable image file. scsi-cd allows
write requests to the drive if blk_is_read_only() returns false.
However, the write request will immediately run into an assertion
failure because the write permission is missing.
This patch introduces separate functions for both questions.
blk_supports_write_perm() answers the question whether the block
node/image file can support writable devices, whereas blk_is_writable()
tells whether the BlockBackend is currently configured to be writable.
All calls of blk_is_read_only() are converted to one of the two new
functions.
Fixes: https://bugs.launchpad.net/bugs/1906693
Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20210118123448.307825-2-kwolf@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
block/block-backend.c | 19 ++++++++++++++++---
hw/block/dataplane/xen-block.c | 2 +-
hw/block/fdc.c | 9 +++++----
hw/block/m25p80.c | 6 +++---
hw/block/nand.c | 2 +-
hw/block/nvme-ns.c | 7 ++++---
hw/block/onenand.c | 2 +-
hw/block/pflash_cfi01.c | 2 +-
hw/block/pflash_cfi02.c | 2 +-
hw/block/swim.c | 6 +++---
hw/block/virtio-blk.c | 6 +++---
hw/block/xen-block.c | 2 +-
hw/ide/core.c | 2 +-
hw/misc/sifive_u_otp.c | 2 +-
hw/ppc/pnv_pnor.c | 2 +-
hw/scsi/scsi-disk.c | 10 +++++-----
hw/scsi/scsi-generic.c | 4 ++--
hw/sd/sd.c | 6 +++---
hw/usb/dev-storage.c | 4 ++--
include/sysemu/block-backend.h | 3 ++-
20 files changed, 57 insertions(+), 41 deletions(-)
diff --git a/block/block-backend.c b/block/block-backend.c
index ce78d30794ade042fa9f1b8d2b68..e493f17515d88465796d298b5566 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -1826,17 +1826,30 @@ void blk_error_action(BlockBackend *blk, BlockErrorAction action,
}
}
-bool blk_is_read_only(BlockBackend *blk)
+/*
+ * Returns true if the BlockBackend can support taking write permissions
+ * (because its root node is not read-only).
+ */
+bool blk_supports_write_perm(BlockBackend *blk)
{
BlockDriverState *bs = blk_bs(blk);
if (bs) {
- return bdrv_is_read_only(bs);
+ return !bdrv_is_read_only(bs);
} else {
- return blk->root_state.read_only;
+ return !blk->root_state.read_only;
}
}
+/*
+ * Returns true if the BlockBackend can be written to in its current
+ * configuration (i.e. if write permission have been requested)
+ */
+bool blk_is_writable(BlockBackend *blk)
+{
+ return blk->perm & BLK_PERM_WRITE;
+}
+
bool blk_is_sg(BlockBackend *blk)
{
BlockDriverState *bs = blk_bs(blk);
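Review bot: in blk_is_writable(), `return blk->perm & BLK_PERM_WRITE;` relies on the implicit conversion of a permission bitmask to bool; `(blk->perm & BLK_PERM_WRITE) != 0` states the intent and stays correct if the return type ever becomes an integer type. The comment above it should read "write permissions have been requested", and it would help to say there that the result can be false while blk_supports_write_perm() is true (the CD-ROM case from the commit message), because the two names are easy to mix up at call sites and blk_supports_write_perm() has the opposite polarity of the removed blk_is_read_only().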
diff --git a/hw/block/dataplane/xen-block.c b/hw/block/dataplane/xen-block.c
index 71c337c7b7e74085532754bb28b2..f5b4f4c0790c26887e21649010f1 100644
--- a/hw/block/dataplane/xen-block.c
+++ b/hw/block/dataplane/xen-block.c
@@ -168,7 +168,7 @@ static int xen_block_parse_request(XenBlockRequest *request)
};
if (request->req.operation != BLKIF_OP_READ &&
- blk_is_read_only(dataplane->blk)) {
+ !blk_is_writable(dataplane->blk)) {
error_report("error: write req for ro device");
goto err;
}
diff --git a/hw/block/fdc.c b/hw/block/fdc.c
index 4c2c35e223aa5fccb6b855b1aa9e..d6ba6c8f730092632770cf66908b 100644
--- a/hw/block/fdc.c
+++ b/hw/block/fdc.c
@@ -443,7 +443,7 @@ static void fd_revalidate(FDrive *drv)
FLOPPY_DPRINTF("revalidate\n");
if (drv->blk != NULL) {
- drv->ro = blk_is_read_only(drv->blk);
+ drv->ro = !blk_is_writable(drv->blk);
if (!blk_is_inserted(drv->blk)) {
FLOPPY_DPRINTF("No disk in drive\n");
drv->disk = FLOPPY_DRIVE_TYPE_NONE;
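Review bot: `drv->ro = !blk_is_writable(drv->blk);` in fd_revalidate() now depends on the permissions currently held rather than on the node, so its result depends on call order: fd_change_cb() in the next hunk has one branch that drops all permissions with blk_set_perm(drive->blk, 0, ...) and another that reapplies the backend options. A short comment stating that fd_revalidate() must run after the permissions have been applied would keep a later reordering from silently marking the drive read-only.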
@@ -478,8 +478,8 @@ static void fd_change_cb(void *opaque, bool load, Error **errp)
blk_set_perm(drive->blk, 0, BLK_PERM_ALL, &error_abort);
} else {
if (!blkconf_apply_backend_options(drive->conf,
- blk_is_read_only(drive->blk), false,
- errp)) {
+ !blk_supports_write_perm(drive->blk),
+ false, errp)) {
return;
}
}
@@ -552,7 +552,8 @@ static void floppy_drive_realize(DeviceState *qdev, Error **errp)
* read-only node later */
read_only = true;
} else {
- read_only = !blk_bs(dev->conf.blk) || blk_is_read_only(dev->conf.blk);
+ read_only = !blk_bs(dev->conf.blk) ||
+ !blk_supports_write_perm(dev->conf.blk);
}
if (!blkconf_blocksizes(&dev->conf, errp)) {
diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
index 483925f57a9023f349bd70e8db9a..efe490a52fe4ff5dfeaec609b3e3 100644
--- a/hw/block/m25p80.c
+++ b/hw/block/m25p80.c
@@ -499,7 +499,7 @@ static void flash_sync_page(Flash *s, int page)
{
QEMUIOVector *iov;
- if (!s->blk || blk_is_read_only(s->blk)) {
+ if (!s->blk || !blk_is_writable(s->blk)) {
return;
}
@@ -515,7 +515,7 @@ static inline void flash_sync_area(Flash *s, int64_t off, int64_t len)
{
QEMUIOVector *iov;
- if (!s->blk || blk_is_read_only(s->blk)) {
+ if (!s->blk || !blk_is_writable(s->blk)) {
return;
}
@@ -1278,7 +1278,7 @@ static void m25p80_realize(SSISlave *ss, Error **errp)
if (s->blk) {
uint64_t perm = BLK_PERM_CONSISTENT_READ |
- (blk_is_read_only(s->blk) ? 0 : BLK_PERM_WRITE);
+ (blk_supports_write_perm(s->blk) ? BLK_PERM_WRITE : 0);
ret = blk_set_perm(s->blk, perm, BLK_PERM_ALL, errp);
if (ret < 0) {
return;
diff --git a/hw/block/nand.c b/hw/block/nand.c
index 1d7a48a2ec2ad7ac77dc4b28f677..8c5087f96a960420fc3f7aea03a5 100644
--- a/hw/block/nand.c
+++ b/hw/block/nand.c
@@ -409,7 +409,7 @@ static void nand_realize(DeviceState *dev, Error **errp)
pagesize = 1 << s->oob_shift;
s->mem_oob = 1;
if (s->blk) {
- if (blk_is_read_only(s->blk)) {
+ if (!blk_supports_write_perm(s->blk)) {
error_setg(errp, "Can't use a read-only drive");
return;
}
diff --git a/hw/block/nvme-ns.c b/hw/block/nvme-ns.c
index 31c80cdf5b5ff302052383cbada1..2670787d2630f8a3d1b1c7f138b8 100644
--- a/hw/block/nvme-ns.c
+++ b/hw/block/nvme-ns.c
@@ -48,13 +48,14 @@ static void nvme_ns_init(NvmeNamespace *ns)
static int nvme_ns_init_blk(NvmeCtrl *n, NvmeNamespace *ns, Error **errp)
{
+ bool read_only;
+
if (!blkconf_blocksizes(&ns->blkconf, errp)) {
return -1;
}
- if (!blkconf_apply_backend_options(&ns->blkconf,
- blk_is_read_only(ns->blkconf.blk),
- false, errp)) {
+ read_only = !blk_supports_write_perm(ns->blkconf.blk);
+ if (!blkconf_apply_backend_options(&ns->blkconf, read_only, false, errp)) {
return -1;
}
diff --git a/hw/block/onenand.c b/hw/block/onenand.c
index 5ff7be86bb798190b976779d7603..08994ca7da1aff06ff12615d4777 100644
--- a/hw/block/onenand.c
+++ b/hw/block/onenand.c
@@ -796,7 +796,7 @@ static void onenand_realize(DeviceState *dev, Error **errp)
s->image = memset(g_malloc(size + (size >> 5)),
0xff, size + (size >> 5));
} else {
- if (blk_is_read_only(s->blk)) {
+ if (!blk_supports_write_perm(s->blk)) {
error_setg(errp, "Can't use a read-only drive");
return;
}
diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
index daae9658605f4a348d6e91c84b31..af0bb6c26342405dc558df1be36c 100644
--- a/hw/block/pflash_cfi01.c
+++ b/hw/block/pflash_cfi01.c
@@ -744,7 +744,7 @@ static void pflash_cfi01_realize(DeviceState *dev, Error **errp)
if (pfl->blk) {
uint64_t perm;
- pfl->ro = blk_is_read_only(pfl->blk);
+ pfl->ro = !blk_supports_write_perm(pfl->blk);
perm = BLK_PERM_CONSISTENT_READ | (pfl->ro ? 0 : BLK_PERM_WRITE);
ret = blk_set_perm(pfl->blk, perm, BLK_PERM_ALL, errp);
if (ret < 0) {
diff --git a/hw/block/pflash_cfi02.c b/hw/block/pflash_cfi02.c
index 1b3d94e0473bd4490b7c97d7c7e7..1a855c5d3865c0d64b46c90a4cda 100644
--- a/hw/block/pflash_cfi02.c
+++ b/hw/block/pflash_cfi02.c
@@ -801,7 +801,7 @@ static void pflash_cfi02_realize(DeviceState *dev, Error **errp)
if (pfl->blk) {
uint64_t perm;
- pfl->ro = blk_is_read_only(pfl->blk);
+ pfl->ro = !blk_supports_write_perm(pfl->blk);
perm = BLK_PERM_CONSISTENT_READ | (pfl->ro ? 0 : BLK_PERM_WRITE);
ret = blk_set_perm(pfl->blk, perm, BLK_PERM_ALL, errp);
if (ret < 0) {
diff --git a/hw/block/swim.c b/hw/block/swim.c
index 20133a814c44095028ea0efe7d53..509c2f4900353c3b1e7fad9117f1 100644
--- a/hw/block/swim.c
+++ b/hw/block/swim.c
@@ -137,8 +137,8 @@ static void swim_change_cb(void *opaque, bool load, Error **errp)
blk_set_perm(drive->blk, 0, BLK_PERM_ALL, &error_abort);
} else {
if (!blkconf_apply_backend_options(drive->conf,
- blk_is_read_only(drive->blk), false,
- errp)) {
+ !blk_supports_write_perm(drive->blk),
+ false, errp)) {
return;
}
}
@@ -210,7 +210,7 @@ static void swim_drive_realize(DeviceState *qdev, Error **errp)
dev->conf.werror = BLOCKDEV_ON_ERROR_AUTO;
if (!blkconf_apply_backend_options(&dev->conf,
- blk_is_read_only(dev->conf.blk),
+ !blk_supports_write_perm(dev->conf.blk),
false, errp)) {
return;
}
diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index bac2d6fa2b283854b21f225bea1c..e8600b069da36372f68c6b59baf9 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -1021,7 +1021,7 @@ static uint64_t virtio_blk_get_features(VirtIODevice *vdev, uint64_t features,
virtio_has_feature(features, VIRTIO_BLK_F_CONFIG_WCE))) {
virtio_add_feature(&features, VIRTIO_BLK_F_WCE);
}
- if (blk_is_read_only(s->blk)) {
+ if (!blk_is_writable(s->blk)) {
virtio_add_feature(&features, VIRTIO_BLK_F_RO);
}
if (s->conf.num_queues > 1) {
@@ -1175,8 +1175,8 @@ static void virtio_blk_device_realize(DeviceState *dev, Error **errp)
}
if (!blkconf_apply_backend_options(&conf->conf,
- blk_is_read_only(conf->conf.blk), true,
- errp)) {
+ !blk_supports_write_perm(conf->conf.blk),
+ true, errp)) {
return;
}
s->original_wce = blk_enable_write_cache(conf->conf.blk);
diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c
index 8a7a3f54523ed050587c3e2047de..20b23c699bc1cb4cd796bf352c45 100644
--- a/hw/block/xen-block.c
+++ b/hw/block/xen-block.c
@@ -574,7 +574,7 @@ static void xen_disk_realize(XenBlockDevice *blockdev, Error **errp)
return;
}
- blockdev->info = blk_is_read_only(conf->blk) ? VDISK_READONLY : 0;
+ blockdev->info = blk_supports_write_perm(conf->blk) ? 0 : VDISK_READONLY;
}
static void xen_disk_class_init(ObjectClass *class, void *data)
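Review bot: `blockdev->info` in xen_disk_realize() is derived from blk_supports_write_perm(), while xen_block_parse_request() in hw/block/dataplane/xen-block.c rejects writes based on blk_is_writable(). If the node supports write permission but the device did not take it, the frontend is told the disk is writable and then receives "write req for ro device" on each write. Either use the same predicate in both places or add a comment explaining why realize cannot rely on blk_is_writable() at this point.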
diff --git a/hw/ide/core.c b/hw/ide/core.c
index e85821637c961121ad7a2ccfbaf9..50758a944172ba6ed12c3ca2bc4c 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -2537,7 +2537,7 @@ int ide_init_drive(IDEState *s, BlockBackend *blk, IDEDriveKind kind,
error_setg(errp, "Device needs media, but drive is empty");
return -1;
}
- if (blk_is_read_only(blk)) {
+ if (!blk_is_writable(blk)) {
error_setg(errp, "Can't use a read-only drive");
return -1;
}
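Review bot: ide_init_drive() guards "Can't use a read-only drive" with `!blk_is_writable(blk)`, whereas the identical realize-time message in hw/block/nand.c and hw/block/onenand.c is guarded with `!blk_supports_write_perm(...)`. The IDE variant is only correct if write permission has already been requested before ide_init_drive() is called; a comment naming that precondition (or switching to the same predicate as the other devices) would make the difference deliberate rather than accidental.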
diff --git a/hw/misc/sifive_u_otp.c b/hw/misc/sifive_u_otp.c
index 60066375abddfa4e74e424b7d693..84547ebf1ba4aae4c99be01342e5 100644
--- a/hw/misc/sifive_u_otp.c
+++ b/hw/misc/sifive_u_otp.c
@@ -218,7 +218,7 @@ static void sifive_u_otp_realize(DeviceState *dev, Error **errp)
if (s->blk) {
perm = BLK_PERM_CONSISTENT_READ |
- (blk_is_read_only(s->blk) ? 0 : BLK_PERM_WRITE);
+ (blk_supports_write_perm(s->blk) ? BLK_PERM_WRITE : 0);
ret = blk_set_perm(s->blk, perm, BLK_PERM_ALL, errp);
if (ret < 0) {
return;
diff --git a/hw/ppc/pnv_pnor.c b/hw/ppc/pnv_pnor.c
index c365ee58b884c02c77851a35f566..cc2a6a3db7eac7cab6750fe7f011 100644
--- a/hw/ppc/pnv_pnor.c
+++ b/hw/ppc/pnv_pnor.c
@@ -85,7 +85,7 @@ static void pnv_pnor_realize(DeviceState *dev, Error **errp)
if (s->blk) {
uint64_t perm = BLK_PERM_CONSISTENT_READ |
- (blk_is_read_only(s->blk) ? 0 : BLK_PERM_WRITE);
+ (blk_supports_write_perm(s->blk) ? BLK_PERM_WRITE : 0);
ret = blk_set_perm(s->blk, perm, BLK_PERM_ALL, errp);
if (ret < 0) {
return;
diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index 90841ad79123a3a86547a70d6dd4..7ab2be05b3ce3f4fad2212037b34 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -1269,7 +1269,7 @@ static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
if (s->qdev.type == TYPE_DISK) {
dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
- if (blk_is_read_only(s->qdev.conf.blk)) {
+ if (!blk_is_writable(s->qdev.conf.blk)) {
dev_specific_param |= 0x80; /* Readonly. */
}
} else {
@@ -1703,7 +1703,7 @@ static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
goto invalid_param_len;
}
- if (blk_is_read_only(s->qdev.conf.blk)) {
+ if (!blk_is_writable(s->qdev.conf.blk)) {
block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
return;
@@ -1794,7 +1794,7 @@ static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf)
return;
}
- if (blk_is_read_only(s->qdev.conf.blk)) {
+ if (!blk_is_writable(s->qdev.conf.blk)) {
scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
return;
}
@@ -2206,7 +2206,7 @@ static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
case WRITE_VERIFY_10:
case WRITE_VERIFY_12:
case WRITE_VERIFY_16:
- if (blk_is_read_only(s->qdev.conf.blk)) {
+ if (!blk_is_writable(s->qdev.conf.blk)) {
scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
return 0;
}
@@ -2379,7 +2379,7 @@ static void scsi_realize(SCSIDevice *dev, Error **errp)
}
}
- read_only = blk_is_read_only(s->qdev.conf.blk);
+ read_only = !blk_supports_write_perm(s->qdev.conf.blk);
if (dev->type == TYPE_ROM) {
read_only = true;
}
diff --git a/hw/scsi/scsi-generic.c b/hw/scsi/scsi-generic.c
index 2cb23ca8913c91fc06f497af21be..836479ab017326fa058381efbb87 100644
--- a/hw/scsi/scsi-generic.c
+++ b/hw/scsi/scsi-generic.c
@@ -305,7 +305,7 @@ static void scsi_read_complete(void * opaque, int ret)
* readonly.
*/
if ((s->type == TYPE_DISK || s->type == TYPE_TAPE || s->type == TYPE_ZBC) &&
- blk_is_read_only(s->conf.blk) &&
+ !blk_is_writable(s->conf.blk) &&
(r->req.cmd.buf[0] == MODE_SENSE ||
r->req.cmd.buf[0] == MODE_SENSE_10) &&
(r->req.cmd.buf[1] & 0x8) == 0) {
@@ -693,7 +693,7 @@ static void scsi_generic_realize(SCSIDevice *s, Error **errp)
return;
}
if (!blkconf_apply_backend_options(&s->conf,
- blk_is_read_only(s->conf.blk),
+ !blk_supports_write_perm(s->conf.blk),
true, errp)) {
return;
}
diff --git a/hw/sd/sd.c b/hw/sd/sd.c
index 1842c037978c6b17c74d6b81a169..5cdcd54cfcbf467342b2e485ac3e 100644
--- a/hw/sd/sd.c
+++ b/hw/sd/sd.c
@@ -583,7 +583,7 @@ static void sd_reset(DeviceState *dev)
sd_set_sdstatus(sd);
g_free(sd->wp_groups);
- sd->wp_switch = sd->blk ? blk_is_read_only(sd->blk) : false;
+ sd->wp_switch = sd->blk ? !blk_is_writable(sd->blk) : false;
sd->wpgrps_size = sect;
sd->wp_groups = bitmap_new(sd->wpgrps_size);
memset(sd->function_group, 0, sizeof(sd->function_group));
@@ -751,7 +751,7 @@ void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
{
sd->readonly_cb = readonly;
sd->inserted_cb = insert;
- qemu_set_irq(readonly, sd->blk ? blk_is_read_only(sd->blk) : 0);
+ qemu_set_irq(readonly, sd->blk ? !blk_is_writable(sd->blk) : 0);
qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0);
}
@@ -2155,7 +2155,7 @@ static void sd_realize(DeviceState *dev, Error **errp)
if (sd->blk) {
int64_t blk_size;
- if (blk_is_read_only(sd->blk)) {
+ if (!blk_supports_write_perm(sd->blk)) {
error_setg(errp, "Cannot use read-only drive as SD card");
return;
}
diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c
index f0f005869d25976cc4d5d2394237..c49e8b819e97df5f3f1814f2f63f 100644
--- a/hw/usb/dev-storage.c
+++ b/hw/usb/dev-storage.c
@@ -613,8 +613,8 @@ static void usb_msd_storage_realize(USBDevice *dev, Error **errp)
return;
}
- if (!blkconf_apply_backend_options(&s->conf, blk_is_read_only(blk), true,
- errp)) {
+ if (!blkconf_apply_backend_options(&s->conf, !blk_supports_write_perm(blk),
+ true, errp)) {
return;
}
diff --git a/include/sysemu/block-backend.h b/include/sysemu/block-backend.h
index 8203d7f6f90c792ca3f70e516909..880e9032930b0207e2e3e6fe1bd7 100644
--- a/include/sysemu/block-backend.h
+++ b/include/sysemu/block-backend.h
@@ -191,7 +191,8 @@ BlockErrorAction blk_get_error_action(BlockBackend *blk, bool is_read,
int error);
void blk_error_action(BlockBackend *blk, BlockErrorAction action,
bool is_read, int error);
-bool blk_is_read_only(BlockBackend *blk);
+bool blk_supports_write_perm(BlockBackend *blk);
+bool blk_is_writable(BlockBackend *blk);
bool blk_is_sg(BlockBackend *blk);
bool blk_enable_write_cache(BlockBackend *blk);
void blk_set_enable_write_cache(BlockBackend *blk, bool wce);


@ -0,0 +1,28 @@
From: Bruce Rogers <brogers@suse.com>
Date: Thu, 4 Feb 2021 11:06:47 -0700
Subject: build: be explicit about -mx86-used-note=no
binutils v2.36 switched the default for the assembler's -mx86-used-note,
which caused breakage building seavgabios as follows:
ld: section .note.gnu.property LMA [0000000000000000,0000000000000027]
overlaps section .text LMA [0000000000000000,0000000000006e87]
Fix by explicitly specifying -mx86-used-note=no to assembler in seabios'
Makefile (boo#1181775)
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/roms/seabios/Makefile b/roms/seabios/Makefile
index 74a01853f26458d94d4a4e056b7b..16627562900bbca4b68c6f1df220 100644
--- a/roms/seabios/Makefile
+++ b/roms/seabios/Makefile
@@ -73,6 +73,7 @@ COMMONCFLAGS += $(call cc-option,$(CC),-fstack-check=no,)
COMMONCFLAGS += $(call cc-option,$(CC),-Wno-address-of-packed-member,)
COMMONCFLAGS += $(call cc-option,$(CC),-fcf-protection=none,)
COMMA := ,
+COMMONCFLAGS += $(call cc-option,$(CC),-Wa$(COMMA)-mx86-used-note=no,)
CFLAGS32FLAT := $(COMMONCFLAGS) -DMODE16=0 -DMODESEGMENT=0
CFLAGSSEG := $(COMMONCFLAGS) -DMODESEGMENT=1 -fno-defer-pop \
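Review bot: the added COMMONCFLAGS line carries no comment, and `-Wa$(COMMA)-mx86-used-note=no` is opaque without the binutils 2.36 and .note.gnu.property background given in the commit message; a one-line comment above it would help whoever rebases this onto a newer seabios. It is also worth confirming that the cc-option probe actually runs the assembler: if it only compiles, an assembler that does not know the flag passes the probe and then fails the real build.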


@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f1253b975d29c6b84bbf3f611dbd98fcc2c4193fe76fed6db85dbcaf8b2bc696
size 43464
oid sha256:a745a8269f4f06d76fa4e4be2b77fd74108cd04261674d3fb15d9ab4b177f3f6
size 56068


@ -0,0 +1,64 @@
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org>
Date: Sun, 31 Jan 2021 11:34:01 +0100
Subject: hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: edfe2eb4360cde4ed5d95bda7777edcb3510f76a
Per the ARM Generic Interrupt Controller Architecture specification
(document "ARM IHI 0048B.b (ID072613)"), the SGIINTID field is 4 bit,
not 10:
- 4.3 Distributor register descriptions
- 4.3.15 Software Generated Interrupt Register, GICD_SG
- Table 4-21 GICD_SGIR bit assignments
The Interrupt ID of the SGI to forward to the specified CPU
interfaces. The value of this field is the Interrupt ID, in
the range 0-15, for example a value of 0b0011 specifies
Interrupt ID 3.
Correct the irq mask to fix an undefined behavior (which eventually
lead to a heap-buffer-overflow, see [Buglink]):
$ echo 'writel 0x8000f00 0xff4affb0' | qemu-system-aarch64 -M virt,accel=qtest -qtest stdio
[I 1612088147.116987] OPENED
[R +0.278293] writel 0x8000f00 0xff4affb0
../hw/intc/arm_gic.c:1498:13: runtime error: index 944 out of bounds for type 'uint8_t [16][8]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../hw/intc/arm_gic.c:1498:13
This fixes a security issue when running with KVM on Arm with
kernel-irqchip=off. (The default is kernel-irqchip=on, which is
unaffected, and which is also the correct choice for performance.)
Cc: qemu-stable@nongnu.org
Fixes: CVE-2021-20221
Fixes: 9ee6e8bb853 ("ARMv7 support.")
Buglink: https://bugs.launchpad.net/qemu/+bug/1913916
Buglink: https://bugs.launchpad.net/qemu/+bug/1913917
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210131103401.217160-1-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/intc/arm_gic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
index c60dc6b5e6e519e61b20dda66c7b..fbde60de05a20a607a64a5a91bad 100644
--- a/hw/intc/arm_gic.c
+++ b/hw/intc/arm_gic.c
@@ -1474,7 +1474,7 @@ static void gic_dist_writel(void *opaque, hwaddr offset,
int target_cpu;
cpu = gic_get_current_cpu(s);
- irq = value & 0x3ff;
+ irq = value & 0xf;
switch ((value >> 24) & 3) {
case 0:
mask = (value >> 16) & ALL_CPU_MASK;
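Review bot: `irq = value & 0xf;` in gic_dist_writel() fixes the out-of-range index but leaves a bare magic number; a named mask or a one-line comment that SGIINTID is the low four bits of GICD_SGIR (Table 4-21, cited in the commit message) would keep it from being widened again. The diffstat shows only hw/intc/arm_gic.c changing, so the `writel 0x8000f00 0xff4affb0` qtest reproducer from the commit message is not captured as a regression test; adding it would be worthwhile for a CVE fix.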


@ -0,0 +1,36 @@
From: Peter Maydell <peter.maydell@linaro.org>
Date: Fri, 8 Jan 2021 18:04:00 +0000
Subject: hw/net/lan9118: Fix RX Status FIFO PEEK value
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: e7e29fdbbe07fb762d85af9c4d8eeff9b0f52a8e
A copy-and-paste error meant that the return value for register offset 0x44
(the RX Status FIFO PEEK register) returned a byte from a bogus offset in
the rx status FIFO. Fix the typo.
Cc: qemu-stable@nongnu.org
Fixes: https://bugs.launchpad.net/qemu/+bug/1904954
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210108180401.2263-2-peter.maydell@linaro.org
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/net/lan9118.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c
index ab57c02c8e10d3ea1feb258fa4c5..13d469fe24fd8dd3a03eb2b60a58 100644
--- a/hw/net/lan9118.c
+++ b/hw/net/lan9118.c
@@ -1206,7 +1206,7 @@ static uint64_t lan9118_readl(void *opaque, hwaddr offset,
case 0x40:
return rx_status_fifo_pop(s);
case 0x44:
- return s->rx_status_fifo[s->tx_status_fifo_head];
+ return s->rx_status_fifo[s->rx_status_fifo_head];
case 0x48:
return tx_status_fifo_pop(s);
case 0x4c:
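Review bot: case 0x44 in lan9118_readl() now indexes rx_status_fifo with rx_status_fifo_head, but nothing in this hunk checks whether the RX status FIFO holds an entry, so a PEEK on an empty FIFO returns whatever word sits in the head slot. If that matches the hardware it deserves a comment; otherwise mirror the emptiness handling of rx_status_fifo_pop(). The body of case 0x4c lies outside the hunk and is worth checking for the same copy-and-paste slip in the other direction.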


@ -0,0 +1,88 @@
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org>
Date: Sat, 5 Dec 2020 16:09:03 +0100
Subject: hw/timer/slavio_timer: Allow 64-bit accesses
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 62a9b228b5fefe0f9e364dfeaf3c65022c63cdb9
Per the "NCR89C105 Chip Specification" referenced in the header:
Chip-level Address Map
------------------------------------------------------------------
| 1D0 0000 -> | Counter/Timers | W,D |
| 1DF FFFF | | |
...
The address map indicated the allowed accesses at each address.
[...] W indicates a word access, and D indicates a double-word
access.
The SLAVIO timer controller is implemented expecting 32-bit accesses.
Commit a3d12d073e1 restricted the memory accesses to 32-bit, while
the device allows 64-bit accesses.
This was not an issue until commit 5d971f9e67 which reverted
("memory: accept mismatching sizes in memory_region_access_valid").
Fix by renaming .valid MemoryRegionOps as .impl, and add the valid
access range (W -> 4, D -> 8).
Since commit 21786c7e598 ("memory: Log invalid memory accesses")
this class of bug can be quickly debugged displaying 'guest_errors'
accesses, as:
$ qemu-system-sparc -M SS-20 -m 256 -bios ss20_v2.25_rom -serial stdio -d guest_errors
Power-ON Reset
Invalid access at addr 0x0, size 8, region 'timer-1', reason: invalid size (min:4 max:4)
$ qemu-system-sparc -M SS-20 -m 256 -bios ss20_v2.25_rom -monitor stdio -S
(qemu) info mtree
address-space: memory
0000000000000000-ffffffffffffffff (prio 0, i/o): system
...
0000000ff1300000-0000000ff130000f (prio 0, i/o): timer-1
^^^^^^^^^ ^^^^^^^
\ memory region base address and name /
(qemu) info qtree
bus: main-system-bus
dev: slavio_timer, id "" <-- device type name
gpio-out "sysbus-irq" 17
num_cpus = 1 (0x1)
mmio 0000000ff1310000/0000000000000014
mmio 0000000ff1300000/0000000000000010 <--- base address
mmio 0000000ff1301000/0000000000000010
mmio 0000000ff1302000/0000000000000010
...
Reported-by: Yap KV <yapkv@yahoo.com>
Buglink: https://bugs.launchpad.net/bugs/1906905
Fixes: a3d12d073e1 ("slavio_timer: convert to memory API")
CC: qemu-stable@nongnu.org
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20201205150903.3062711-1-f4bug@amsat.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/timer/slavio_timer.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/hw/timer/slavio_timer.c b/hw/timer/slavio_timer.c
index 5b2d20cb6a5a65a762e8021243cb..03e33fc592665360a72e87e1ac64 100644
--- a/hw/timer/slavio_timer.c
+++ b/hw/timer/slavio_timer.c
@@ -331,6 +331,10 @@ static const MemoryRegionOps slavio_timer_mem_ops = {
.write = slavio_timer_mem_writel,
.endianness = DEVICE_NATIVE_ENDIAN,
.valid = {
+ .min_access_size = 4,
+ .max_access_size = 8,
+ },
+ .impl = {
.min_access_size = 4,
.max_access_size = 4,
},
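Review bot: with `.valid` max_access_size = 8 and `.impl` max_access_size = 4 in slavio_timer_mem_ops, a 64-bit guest access is accepted and then split by the memory core into two 32-bit calls to the read/write handlers, so the two halves of a counter or limit register are not sampled in one step. Add a comment next to `.impl` saying that the split is intended and that the handlers are expected to be called once per half.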


@ -954,11 +954,11 @@ index 13e0c4f5a7dce51094fcbb77d069..b3b48120150b89d83c560ef2c9da 100644
{"return": {}}
*** done
diff --git a/tests/qemu-iotests/153.out b/tests/qemu-iotests/153.out
index 8fbc7413e716462a4f196c39db5e..4e9c4607bdb3d46c24bad9e80f64 100644
index fcaa71aeeebd855d684d8056410f..ff8e55864a53501197bb4a66bf99 100644
--- a/tests/qemu-iotests/153.out
+++ b/tests/qemu-iotests/153.out
@@ -427,7 +427,8 @@ _qemu_img_wrapper commit -b TEST_DIR/t.qcow2.b TEST_DIR/t.qcow2.c
{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "SHUTDOWN", "data": {"guest": false, "reason": "host-qmp-quit"}}
@@ -425,7 +425,8 @@ _qemu_img_wrapper commit -b TEST_DIR/t.qcow2.b TEST_DIR/t.qcow2.c
{ 'execute': 'qmp_capabilities' }
{"return": {}}
Adding drive
-{ 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'drive_add 0 if=none,id=d0,file=TEST_DIR/t.IMGFMT' } }
@ -967,7 +967,7 @@ index 8fbc7413e716462a4f196c39db5e..4e9c4607bdb3d46c24bad9e80f64 100644
{"return": "OKrn"}
_qemu_io_wrapper TEST_DIR/t.qcow2 -c write 0 512
@@ -437,25 +438,30 @@ Creating overlay with qemu-img when the guest is running should be allowed
@@ -435,25 +436,30 @@ Creating overlay with qemu-img when the guest is running should be allowed
_qemu_img_wrapper create -f qcow2 -b TEST_DIR/t.qcow2 -F qcow2 TEST_DIR/t.qcow2.overlay
== Closing an image should unlock it ==
@ -1629,7 +1629,7 @@ index 85acda4635b37c14c40c485ca288..92ec81db034fd8af8520d160033c 100644
{"return": "Block node is read-onlyrn"}
*** done
diff --git a/tests/qemu-iotests/common.qemu b/tests/qemu-iotests/common.qemu
index 4f2557cc568beed038223af7660b..3ecff3edfa7569d49ec7d81c2195 100644
index de680cf1c7c92e50b82aa2bc0262..ef105dfc393e96c6ef2f34c1466d 100644
--- a/tests/qemu-iotests/common.qemu
+++ b/tests/qemu-iotests/common.qemu
@@ -146,14 +146,9 @@ _send_qemu_cmd()


@ -0,0 +1,119 @@
From: Markus Armbruster <armbru@redhat.com>
Date: Wed, 25 Nov 2020 11:02:20 +0100
Subject: net: Fix handling of id in netdev_add and netdev_del
Git-commit: 831734cce6494032e9233caff4d8442b3a1e7fef
CLI -netdev accumulates in option group "netdev".
Before commit 08712fcb85 "net: Track netdevs in NetClientState rather
than QemuOpt", netdev_add added to the option group, and netdev_del
removed from it, both HMP and QMP. Thus, every netdev had a
corresponding QemuOpts in this option group.
Commit 08712fcb85 dropped this for QMP netdev_add and both netdev_del.
Now a netdev has a corresponding QemuOpts only when it was created
with CLI or HMP. Two issues:
* QMP and HMP netdev_del can leave QemuOpts behind, breaking HMP
netdev_add. Reproducer:
$ qemu-system-x86_64 -S -display none -nodefaults -monitor stdio
QEMU 5.1.92 monitor - type 'help' for more information
(qemu) netdev_add user,id=net0
(qemu) info network
net0: index=0,type=user,net=10.0.2.0,restrict=off
(qemu) netdev_del net0
(qemu) info network
(qemu) netdev_add user,id=net0
upstream-qemu: Duplicate ID 'net0' for netdev
Try "help netdev_add" for more information
Fix by restoring the QemuOpts deletion in qmp_netdev_del(), but with
a guard, because the QemuOpts need not exist.
* QMP netdev_add loses its "no duplicate ID" check. Reproducer:
$ qemu-system-x86_64 -S -display none -qmp stdio
{"QMP": {"version": {"qemu": {"micro": 92, "minor": 1, "major": 5}, "package": "v5.2.0-rc2-1-g02c1f0142c"}, "capabilities": ["oob"]}}
{"execute": "qmp_capabilities"}
{"return": {}}
{"execute": "netdev_add", "arguments": {"type": "user", "id":"net0"}}
{"return": {}}
{"execute": "netdev_add", "arguments": {"type": "user", "id":"net0"}}
{"return": {}}
Fix by adding a duplicate ID check to net_client_init1() to replace
the lost one. The check is redundant for callers where QemuOpts
still checks, i.e. for CLI and HMP.
Reported-by: Andrew Melnichenko <andrew@daynix.com>
Fixes: 08712fcb851034228b61f75bd922863a984a4f60
Cc: qemu-stable@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
net/net.c | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/net/net.c b/net/net.c
index 6a2c3d95670ed5fec78078276301..af35fb2db7cd99933d20f8613ab3 100644
--- a/net/net.c
+++ b/net/net.c
@@ -983,6 +983,7 @@ static int (* const net_client_init_fun[NET_CLIENT_DRIVER__MAX])(
static int net_client_init1(const Netdev *netdev, bool is_netdev, Error **errp)
{
NetClientState *peer = NULL;
+ NetClientState *nc;
if (is_netdev) {
if (netdev->type == NET_CLIENT_DRIVER_NIC ||
@@ -1010,6 +1011,12 @@ static int net_client_init1(const Netdev *netdev, bool is_netdev, Error **errp)
}
}
+ nc = qemu_find_netdev(netdev->id);
+ if (nc) {
+ error_setg(errp, "Duplicate ID '%s'", netdev->id);
+ return -1;
+ }
+
if (net_client_init_fun[netdev->type](netdev, netdev->id, peer, errp) < 0) {
/* FIXME drop when all init functions store an Error */
if (errp && !*errp) {
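Review bot: the new error text `"Duplicate ID '%s'"` in net_client_init1() differs from what the commit message shows HMP users getting for the same condition ("Duplicate ID 'net0' for netdev"); using the same wording keeps QMP and HMP/CLI diagnostics consistent for anyone matching on logs. The check also runs regardless of is_netdev, so a brief comment on whether the non-netdev callers are meant to be covered would help.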
@@ -1020,8 +1027,6 @@ static int net_client_init1(const Netdev *netdev, bool is_netdev, Error **errp)
}
if (is_netdev) {
- NetClientState *nc;
-
nc = qemu_find_netdev(netdev->id);
assert(nc);
nc->is_netdev = true;
@@ -1135,6 +1140,7 @@ void qmp_netdev_add(Netdev *netdev, Error **errp)
void qmp_netdev_del(const char *id, Error **errp)
{
NetClientState *nc;
+ QemuOpts *opts;
nc = qemu_find_netdev(id);
if (!nc) {
@@ -1149,6 +1155,16 @@ void qmp_netdev_del(const char *id, Error **errp)
}
qemu_del_net_client(nc);
+
+ /*
+ * Wart: we need to delete the QemuOpts associated with netdevs
+ * created via CLI or HMP, to avoid bogus "Duplicate ID" errors in
+ * HMP netdev_add.
+ */
+ opts = qemu_opts_find(qemu_find_opts("netdev"), id);
+ if (opts) {
+ qemu_opts_del(opts);
+ }
}
static void netfilter_print_info(Monitor *mon, NetFilterState *nf)
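Review bot: the QemuOpts lookup after qemu_del_net_client(nc) is keyed on the caller's id, which is the right choice once nc has been handed off for deletion, but the "Wart" comment does not say so. Add a sentence that nc must not be dereferenced at this point, so a later cleanup does not switch the lookup to a field of nc.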


@ -1,3 +1,32 @@
-------------------------------------------------------------------
Fri Feb 5 18:54:34 UTC 2021 - Bruce Rogers <brogers@suse.com>
- Include upstream patches designated as stable material and
reviewed for applicability to include here
block-Separate-blk_is_writable-and-blk_s.patch
hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch
hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch
hw-timer-slavio_timer-Allow-64-bit-acces.patch
net-Fix-handling-of-id-in-netdev_add-and.patch
target-arm-Don-t-decode-insns-in-the-XSc.patch
target-arm-Fix-MTE0_ACTIVE.patch
target-arm-Introduce-PREDDESC-field-defi.patch
target-arm-Update-PFIRST-PNEXT-for-pred_.patch
target-arm-Update-REV-PUNPK-for-pred_des.patch
target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch
tcg-Use-memset-for-large-vector-byte-rep.patch
ui-vnc-Add-missing-lock-for-send_color_m.patch
virtio-move-use-disabled-flag-property-t.patch
-------------------------------------------------------------------
Thu Feb 4 18:21:28 UTC 2021 - Bruce Rogers <brogers@suse.com>
- binutils v2.36 has changed the handling of the assembler's
-mx86-used-note, resulting in a build failure. To compensate, we
now explicitly specify -mx86-used-note=no in the seabios Makefile
(boo#1181775)
build-be-explicit-about-mx86-used-note-n.patch
-------------------------------------------------------------------
Fri Jan 29 14:41:19 UTC 2021 - Bruce Rogers <brogers@suse.com>

qemu.spec

@ -131,63 +131,78 @@ Source303: README.PACKAGING
# This patch queue is auto-generated - see README.PACKAGING for process
# Patches applied in base project:
Patch00000: block-Simplify-qmp_block_resize-error-pa.patch
Patch00001: block-Fix-locking-in-qmp_block_resize.patch
Patch00002: block-Fix-deadlock-in-bdrv_co_yield_to_d.patch
Patch00003: audio-add-sanity-check.patch
Patch00004: build-no-pie-is-no-functional-linker-fla.patch
Patch00005: block-nfs-fix-int-overflow-in-nfs_client.patch
Patch00006: XXX-dont-dump-core-on-sigabort.patch
Patch00007: qemu-binfmt-conf-Modify-default-path.patch
Patch00008: qemu-cvs-gettimeofday.patch
Patch00009: qemu-cvs-ioctl_debug.patch
Patch00010: qemu-cvs-ioctl_nodirection.patch
Patch00011: linux-user-add-binfmt-wrapper-for-argv-0.patch
Patch00012: PPC-KVM-Disable-mmu-notifier-check.patch
Patch00013: linux-user-binfmt-support-host-binaries.patch
Patch00014: linux-user-Fake-proc-cpuinfo.patch
Patch00015: linux-user-use-target_ulong.patch
Patch00016: Make-char-muxer-more-robust-wrt-small-FI.patch
Patch00017: linux-user-lseek-explicitly-cast-non-set.patch
Patch00018: AIO-Reduce-number-of-threads-for-32bit-h.patch
Patch00019: xen_disk-Add-suse-specific-flush-disable.patch
Patch00020: qemu-bridge-helper-reduce-security-profi.patch
Patch00021: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch
Patch00022: roms-Makefile-pass-a-packaging-timestamp.patch
Patch00023: Raise-soft-address-space-limit-to-hard-l.patch
Patch00024: increase-x86_64-physical-bits-to-42.patch
Patch00025: i8254-Fix-migration-from-SLE11-SP2.patch
Patch00026: acpi_piix4-Fix-migration-from-SLE11-SP2.patch
Patch00027: Make-installed-scripts-explicitly-python.patch
Patch00028: hw-smbios-handle-both-file-formats-regar.patch
Patch00029: xen-add-block-resize-support-for-xen-dis.patch
Patch00030: tests-qemu-iotests-Triple-timeout-of-i-o.patch
Patch00031: tests-Fix-block-tests-to-be-compatible-w.patch
Patch00032: xen-ignore-live-parameter-from-xen-save-.patch
Patch00033: tests-change-error-message-in-test-162.patch
Patch00034: hw-intc-exynos4210_gic-provide-more-room.patch
Patch00035: configure-only-populate-roms-if-softmmu.patch
Patch00036: pc-bios-s390-ccw-net-avoid-warning-about.patch
Patch00037: roms-change-cross-compiler-naming-to-be-.patch
Patch00038: test-add-mapping-from-arch-of-i686-to-qe.patch
Patch00039: configure-remove-pkgversion-from-CONFIG_.patch
Patch00040: docs-add-SUSE-support-statements-to-html.patch
Patch00041: s390x-Fix-stringop-truncation-issue-repo.patch
Patch00042: Revert-qht-constify-qht_statistics_init.patch
Patch00043: qht-Revert-some-constification-in-qht.c.patch
Patch00044: meson-install-ivshmem-client-and-ivshmem.patch
Patch00045: Revert-roms-efirom-tests-uefi-test-tools.patch
Patch00046: Makefile-Don-t-check-pc-bios-as-pre-requ.patch
Patch00047: roms-Makefile-add-cross-file-to-qboot-me.patch
Patch00048: usb-Help-compiler-out-to-avoid-a-warning.patch
Patch00049: iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch
Patch00050: module-for-virtio-gpu-pre-load-module-to.patch
Patch00051: spice-app-avoid-crash-when-core-spice-mo.patch
Patch00052: qom-handle-case-of-chardev-spice-module-.patch
Patch00000: ui-vnc-Add-missing-lock-for-send_color_m.patch
Patch00001: block-Simplify-qmp_block_resize-error-pa.patch
Patch00002: block-Fix-locking-in-qmp_block_resize.patch
Patch00003: block-Fix-deadlock-in-bdrv_co_yield_to_d.patch
Patch00004: audio-add-sanity-check.patch
Patch00005: build-no-pie-is-no-functional-linker-fla.patch
Patch00006: block-nfs-fix-int-overflow-in-nfs_client.patch
Patch00007: iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch
Patch00008: tcg-Use-memset-for-large-vector-byte-rep.patch
Patch00009: hw-timer-slavio_timer-Allow-64-bit-acces.patch
Patch00010: target-arm-Fix-MTE0_ACTIVE.patch
Patch00011: target-arm-Don-t-decode-insns-in-the-XSc.patch
Patch00012: hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch
Patch00013: target-arm-Introduce-PREDDESC-field-defi.patch
Patch00014: target-arm-Update-PFIRST-PNEXT-for-pred_.patch
Patch00015: target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch
Patch00016: target-arm-Update-REV-PUNPK-for-pred_des.patch
Patch00017: net-Fix-handling-of-id-in-netdev_add-and.patch
Patch00018: block-Separate-blk_is_writable-and-blk_s.patch
Patch00019: hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch
Patch00020: virtio-move-use-disabled-flag-property-t.patch
Patch00021: XXX-dont-dump-core-on-sigabort.patch
Patch00022: qemu-binfmt-conf-Modify-default-path.patch
Patch00023: qemu-cvs-gettimeofday.patch
Patch00024: qemu-cvs-ioctl_debug.patch
Patch00025: qemu-cvs-ioctl_nodirection.patch
Patch00026: linux-user-add-binfmt-wrapper-for-argv-0.patch
Patch00027: PPC-KVM-Disable-mmu-notifier-check.patch
Patch00028: linux-user-binfmt-support-host-binaries.patch
Patch00029: linux-user-Fake-proc-cpuinfo.patch
Patch00030: linux-user-use-target_ulong.patch
Patch00031: Make-char-muxer-more-robust-wrt-small-FI.patch
Patch00032: linux-user-lseek-explicitly-cast-non-set.patch
Patch00033: AIO-Reduce-number-of-threads-for-32bit-h.patch
Patch00034: xen_disk-Add-suse-specific-flush-disable.patch
Patch00035: qemu-bridge-helper-reduce-security-profi.patch
Patch00036: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch
Patch00037: roms-Makefile-pass-a-packaging-timestamp.patch
Patch00038: Raise-soft-address-space-limit-to-hard-l.patch
Patch00039: increase-x86_64-physical-bits-to-42.patch
Patch00040: i8254-Fix-migration-from-SLE11-SP2.patch
Patch00041: acpi_piix4-Fix-migration-from-SLE11-SP2.patch
Patch00042: Make-installed-scripts-explicitly-python.patch
Patch00043: hw-smbios-handle-both-file-formats-regar.patch
Patch00044: xen-add-block-resize-support-for-xen-dis.patch
Patch00045: tests-qemu-iotests-Triple-timeout-of-i-o.patch
Patch00046: tests-Fix-block-tests-to-be-compatible-w.patch
Patch00047: xen-ignore-live-parameter-from-xen-save-.patch
Patch00048: tests-change-error-message-in-test-162.patch
Patch00049: hw-intc-exynos4210_gic-provide-more-room.patch
Patch00050: configure-only-populate-roms-if-softmmu.patch
Patch00051: pc-bios-s390-ccw-net-avoid-warning-about.patch
Patch00052: roms-change-cross-compiler-naming-to-be-.patch
Patch00053: test-add-mapping-from-arch-of-i686-to-qe.patch
Patch00054: configure-remove-pkgversion-from-CONFIG_.patch
Patch00055: docs-add-SUSE-support-statements-to-html.patch
Patch00056: s390x-Fix-stringop-truncation-issue-repo.patch
Patch00057: Revert-qht-constify-qht_statistics_init.patch
Patch00058: qht-Revert-some-constification-in-qht.c.patch
Patch00059: meson-install-ivshmem-client-and-ivshmem.patch
Patch00060: Revert-roms-efirom-tests-uefi-test-tools.patch
Patch00061: Makefile-Don-t-check-pc-bios-as-pre-requ.patch
Patch00062: roms-Makefile-add-cross-file-to-qboot-me.patch
Patch00063: usb-Help-compiler-out-to-avoid-a-warning.patch
Patch00064: module-for-virtio-gpu-pre-load-module-to.patch
Patch00065: spice-app-avoid-crash-when-core-spice-mo.patch
Patch00066: qom-handle-case-of-chardev-spice-module-.patch
# Patches applied in roms/seabios/:
Patch01000: seabios-use-python2-explicitly-as-needed.patch
Patch01001: seabios-switch-to-python3-as-needed.patch
Patch01002: enable-cross-compilation-on-ARM.patch
Patch01003: build-be-explicit-about-mx86-used-note-n.patch
# Patches applied in roms/ipxe/:
Patch02000: stub-out-the-SAN-req-s-in-int13.patch
Patch02001: ipxe-Makefile-fix-issues-of-build-reprod.patch
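Review bot: iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch moves from Patch00049 to Patch00007 here, ahead of the SUSE-specific patches, and the changelog entry for this request does not list that reordering. Position in the queue decides what later patches apply on top of, so note the move in qemu.changes; it is also what turns 14 added stable patches into a 15-slot renumbering of everything after them.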
@ -1037,28 +1052,43 @@ This package records qemu testsuite results and represents successful testing.
%patch00037 -p1
%patch00038 -p1
%patch00039 -p1
%if %{legacy_qemu_kvm}
%patch00040 -p1
%endif
%patch00041 -p1
%patch00042 -p1
%patch00043 -p1
%patch00044 -p1
%patch00045 -p1
%patch00046 -p1
%ifarch aarch64
%patch00047 -p1
%endif
%ifarch %arm %ix86
%patch00048 -p1
%endif
%patch00049 -p1
%patch00050 -p1
%patch00051 -p1
%patch00052 -p1
%patch00053 -p1
%patch00054 -p1
%if %{legacy_qemu_kvm}
%patch00055 -p1
%endif
%patch00056 -p1
%patch00057 -p1
%patch00058 -p1
%patch00059 -p1
%patch00060 -p1
%patch00061 -p1
%ifarch aarch64
%patch00062 -p1
%endif
%ifarch %arm %ix86
%patch00063 -p1
%endif
%patch00064 -p1
%patch00065 -p1
%patch00066 -p1
%patch01000 -p1
%patch01001 -p1
%patch01002 -p1
%patch01003 -p1
%if 0%{?patch-possibly-applied-elsewhere}
%patch02000 -p1
%endif
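Review bot: the `%if %{legacy_qemu_kvm}`, `%ifarch aarch64` and `%ifarch %arm %ix86` guards are bound to bare patch numbers, all of which shift by 15 in this hunk (00040 to 00055, 00047 to 00062, 00048 to 00063). The new numbers do match the same three entries in the Patch list (docs-add-SUSE-support-statements-to-html, roms-Makefile-add-cross-file-to-qboot-me, usb-Help-compiler-out-to-avoid-a-warning), but nothing in %prep names them. Having the generator emit the patch name as a comment beside each guard would let a reviewer confirm that without cross-referencing.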


@ -0,0 +1,48 @@
From: Peter Maydell <peter.maydell@linaro.org>
Date: Fri, 8 Jan 2021 19:51:57 +0000
Subject: target/arm: Don't decode insns in the XScale/iWMMXt space as cp insns
Git-commit: e4d51ac6921dc861bfb3d20e4c7dcf345840a9da
In commit cd8be50e58f63413c0 we converted the A32 coprocessor
insns to decodetree. This accidentally broke XScale/iWMMXt insns,
because it moved the handling of "cp insns which are handled
by looking up the cp register in the hashtable" from after the
call to the legacy disas_xscale_insn() decode to before it,
with the result that all XScale/iWMMXt insns now UNDEF.
Update valid_cp() so that it knows that on XScale cp 0 and 1
are not standard coprocessor instructions; this will cause
the decodetree trans_ functions to ignore them, so that
execution will correctly get through to the legacy decode again.
Cc: qemu-stable@nongnu.org
Reported-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20210108195157.32067-1-peter.maydell@linaro.org
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
target/arm/translate.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 6d04ca3a8a09818cfbfba706a4c3..8089a4ff7e542204a6a1bf6f5637 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -5275,7 +5275,14 @@ static bool valid_cp(DisasContext *s, int cp)
* only cp14 and cp15 are valid, and other values aren't considered
* to be in the coprocessor-instruction space at all. v8M still
* permits coprocessors 0..7.
+ * For XScale, we must not decode the XScale cp0, cp1 space as
+ * a standard coprocessor insn, because we want to fall through to
+ * the legacy disas_xscale_insn() decoder after decodetree is done.
*/
+ if (arm_dc_feature(s, ARM_FEATURE_XSCALE) && (cp == 0 || cp == 1)) {
+ return false;
+ }
+
if (arm_dc_feature(s, ARM_FEATURE_V8) &&
!arm_dc_feature(s, ARM_FEATURE_M)) {
return cp >= 14;
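Review bot: the early `return false` in valid_cp() for XScale cp 0 and 1 is only correct if execution then reaches the legacy disas_xscale_insn() decoder, and nothing in this change exercises that path. The regression it fixes made every XScale/iWMMXt insn UNDEF without a test noticing, and the diffstat shows target/arm/translate.c only, so a small TCG test that executes one cp0 or cp1 insn on an XScale CPU model would be a useful companion.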


@ -0,0 +1,35 @@
From: Richard Henderson <richard.henderson@linaro.org>
Date: Mon, 21 Dec 2020 12:44:26 -0800
Subject: target/arm: Fix MTE0_ACTIVE
Git-commit: cc97b0019bb590b9b3c2a623e9ebee48831e0ce3
In 50244cc76abc we updated mte_check_fail to match the ARM
pseudocode, using the correct EL to select the TCF field.
But we failed to update MTE0_ACTIVE the same way, which led
to g_assert_not_reached().
Cc: qemu-stable@nongnu.org
Buglink: https://bugs.launchpad.net/bugs/1907137
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20201221204426.88514-1-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
target/arm/helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 38cd35c049292d40df5a35854f4b..194d752763b2a74af2e4e45e0a96 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -12927,7 +12927,7 @@ static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
if (FIELD_EX32(flags, TBFLAG_A64, UNPRIV)
&& tbid
&& !(env->pstate & PSTATE_TCO)
- && (sctlr & SCTLR_TCF0)
+ && (sctlr & SCTLR_TCF)
&& allocation_tag_access_enabled(env, 0, sctlr)) {
flags = FIELD_DP32(flags, TBFLAG_A64, MTE0_ACTIVE, 1);
}
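Review bot: after this change the MTE0_ACTIVE condition tests `sctlr & SCTLR_TCF` while the next line still calls allocation_tag_access_enabled(env, 0, sctlr), and that mix reads like a typo to anyone who has not seen the commit message. Add a short comment at the SCTLR_TCF line saying the TCF field is selected the same way as in mte_check_fail, by the current EL, not by the unprivileged access.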


@ -0,0 +1,45 @@
From: Richard Henderson <richard.henderson@linaro.org>
Date: Tue, 12 Jan 2021 20:26:47 -1000
Subject: target/arm: Introduce PREDDESC field definitions
Git-commit: b64ee454a4a086ed459bcda4c0bbb54e197841e4
SVE predicate operations cannot use the "usual" simd_desc
encoding, because the lengths are not a multiple of 8.
But we were abusing the SIMD_* fields to store values anyway.
This abuse broke when SIMD_OPRSZ_BITS was modified in e2e7168a214.
Introduce a new set of field definitions for exclusive use
of predicates, so that it is obvious what kind of predicate
we are manipulating. To be used in future patches.
Cc: qemu-stable@nongnu.org
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210113062650.593824-2-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
target/arm/internals.h | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 5460678756d3c4e5f34abe5f6411..73698587d6b8eeffd6ccd1515e7a 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1312,6 +1312,15 @@ void arm_log_exception(int idx);
#define LOG2_TAG_GRANULE 4
#define TAG_GRANULE (1 << LOG2_TAG_GRANULE)
+/*
+ * SVE predicates are 1/8 the size of SVE vectors, and cannot use
+ * the same simd_desc() encoding due to restrictions on size.
+ * Use these instead.
+ */
+FIELD(PREDDESC, OPRSZ, 0, 6)
+FIELD(PREDDESC, ESZ, 6, 2)
+FIELD(PREDDESC, DATA, 8, 24)
+
/*
* The SVE simd_data field, for memory ops, contains either
* rd (5 bits) or a shift count (2 bits).
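Review bot: the new comment above the FIELD(PREDDESC, ...) definitions gives neither the unit nor the range of OPRSZ, and at 6 bits the field tops out at 63. State the unit (the follow-up patches in this series deposit pred_full_reg_size(s)) and the largest expected value, and consider an assert where the field is deposited so an oversized value fails loudly instead of being masked off.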


@ -0,0 +1,65 @@
From: Richard Henderson <richard.henderson@linaro.org>
Date: Tue, 12 Jan 2021 20:26:48 -1000
Subject: target/arm: Update PFIRST, PNEXT for pred_desc
Git-commit: 86300b5d044064046395ae8ed605cc19e63f2a7c
These two were odd, in that do_pfirst_pnext passed the
count of 64-bit words rather than bytes. Change to pass
the standard pred_full_reg_size to avoid confusion.
Cc: qemu-stable@nongnu.org
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210113062650.593824-3-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
target/arm/sve_helper.c | 7 ++++---
target/arm/translate-sve.c | 6 +++---
2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index 5f037c3a8f8cbc6c093433703153..ff01851bf288009ec3e7585b8e03 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -889,8 +889,9 @@ static intptr_t last_active_element(uint64_t *g, intptr_t words, intptr_t esz)
return (intptr_t)-1 << esz;
}
-uint32_t HELPER(sve_pfirst)(void *vd, void *vg, uint32_t words)
+uint32_t HELPER(sve_pfirst)(void *vd, void *vg, uint32_t pred_desc)
{
+ intptr_t words = DIV_ROUND_UP(FIELD_EX32(pred_desc, PREDDESC, OPRSZ), 8);
uint32_t flags = PREDTEST_INIT;
uint64_t *d = vd, *g = vg;
intptr_t i = 0;
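Review bot: the third argument of HELPER(sve_pfirst) keeps its uint32_t type but changes meaning from a count of 64-bit words to a PREDDESC descriptor, so a caller that still passed a word count would compile cleanly and get a wrong `words` out of the DIV_ROUND_UP. Confirm do_pfirst_pnext() is the only caller; the sve_helper.c and translate-sve.c halves of this patch must always be carried together.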
@@ -914,8 +915,8 @@ uint32_t HELPER(sve_pfirst)(void *vd, void *vg, uint32_t words)
uint32_t HELPER(sve_pnext)(void *vd, void *vg, uint32_t pred_desc)
{
- intptr_t words = extract32(pred_desc, 0, SIMD_OPRSZ_BITS);
- intptr_t esz = extract32(pred_desc, SIMD_DATA_SHIFT, 2);
+ intptr_t words = DIV_ROUND_UP(FIELD_EX32(pred_desc, PREDDESC, OPRSZ), 8);
+ intptr_t esz = FIELD_EX32(pred_desc, PREDDESC, ESZ);
uint32_t flags = PREDTEST_INIT;
uint64_t *d = vd, *g = vg, esz_mask;
intptr_t i, next;
diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index 0c3a6d21210404a1340e58c9a021..efcb646f729b1dbe4f7989e2fb9d 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -1494,10 +1494,10 @@ static bool do_pfirst_pnext(DisasContext *s, arg_rr_esz *a,
TCGv_ptr t_pd = tcg_temp_new_ptr();
TCGv_ptr t_pg = tcg_temp_new_ptr();
TCGv_i32 t;
- unsigned desc;
+ unsigned desc = 0;
- desc = DIV_ROUND_UP(pred_full_reg_size(s), 8);
- desc = deposit32(desc, SIMD_DATA_SHIFT, 2, a->esz);
+ desc = FIELD_DP32(desc, PREDDESC, OPRSZ, pred_full_reg_size(s));
+ desc = FIELD_DP32(desc, PREDDESC, ESZ, a->esz);
tcg_gen_addi_ptr(t_pd, cpu_env, pred_full_reg_offset(s, a->rd));
tcg_gen_addi_ptr(t_pg, cpu_env, pred_full_reg_offset(s, a->rn));
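Review bot: `unsigned desc = 0;` here differs from the `uint32_t desc = 0;` used for the same descriptor in do_perm_pred2() and do_perm_pred3() in the other patches of this series. FIELD_DP32 works on a 32-bit value and the helper parameter is uint32_t, so use uint32_t here as well.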


@ -0,0 +1,75 @@
From: Richard Henderson <richard.henderson@linaro.org>
Date: Tue, 12 Jan 2021 20:26:50 -1000
Subject: target/arm: Update REV, PUNPK for pred_desc
Git-commit: 70acaafef2e053a312d54c09b6721c730690e72c
Update all users of do_perm_pred2 for the new
predicate descriptor field definitions.
Cc: qemu-stable@nongnu.org
Buglink: https://bugs.launchpad.net/bugs/1908551
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210113062650.593824-5-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
target/arm/sve_helper.c | 8 ++++----
target/arm/translate-sve.c | 13 ++++---------
2 files changed, 8 insertions(+), 13 deletions(-)
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index 7eec4b6b73a273ecaf2fc218d8d4..844db08bd577016081329d6c4002 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -2036,8 +2036,8 @@ static uint8_t reverse_bits_8(uint8_t x, int n)
void HELPER(sve_rev_p)(void *vd, void *vn, uint32_t pred_desc)
{
- intptr_t oprsz = extract32(pred_desc, 0, SIMD_OPRSZ_BITS) + 2;
- int esz = extract32(pred_desc, SIMD_DATA_SHIFT, 2);
+ intptr_t oprsz = FIELD_EX32(pred_desc, PREDDESC, OPRSZ);
+ int esz = FIELD_EX32(pred_desc, PREDDESC, ESZ);
intptr_t i, oprsz_2 = oprsz / 2;
if (oprsz <= 8) {
@@ -2066,8 +2066,8 @@ void HELPER(sve_rev_p)(void *vd, void *vn, uint32_t pred_desc)
void HELPER(sve_punpk_p)(void *vd, void *vn, uint32_t pred_desc)
{
- intptr_t oprsz = extract32(pred_desc, 0, SIMD_OPRSZ_BITS) + 2;
- intptr_t high = extract32(pred_desc, SIMD_DATA_SHIFT + 2, 1);
+ intptr_t oprsz = FIELD_EX32(pred_desc, PREDDESC, OPRSZ);
+ intptr_t high = FIELD_EX32(pred_desc, PREDDESC, DATA);
uint64_t *d = vd;
intptr_t i;
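Review bot: `high` in sve_punpk_p used to be a 1-bit extract and is now the whole 24-bit PREDDESC.DATA field, so the helper relies on the translator depositing only 0 or 1. That holds for the high_odd bool deposited in do_perm_pred2(), but if `high` is used as anything other than a truth value, normalise it on read or assert its range.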
diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index 0baca176a090001de915a7866af4..27402af23c0b58fa94b4ac185951 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -2145,19 +2145,14 @@ static bool do_perm_pred2(DisasContext *s, arg_rr_esz *a, bool high_odd,
TCGv_ptr t_d = tcg_temp_new_ptr();
TCGv_ptr t_n = tcg_temp_new_ptr();
TCGv_i32 t_desc;
- int desc;
+ uint32_t desc = 0;
tcg_gen_addi_ptr(t_d, cpu_env, pred_full_reg_offset(s, a->rd));
tcg_gen_addi_ptr(t_n, cpu_env, pred_full_reg_offset(s, a->rn));
- /* Predicate sizes may be smaller and cannot use simd_desc.
- We cannot round up, as we do elsewhere, because we need
- the exact size for ZIP2 and REV. We retain the style for
- the other helpers for consistency. */
-
- desc = vsz - 2;
- desc = deposit32(desc, SIMD_DATA_SHIFT, 2, a->esz);
- desc = deposit32(desc, SIMD_DATA_SHIFT + 2, 2, high_odd);
+ desc = FIELD_DP32(desc, PREDDESC, OPRSZ, vsz);
+ desc = FIELD_DP32(desc, PREDDESC, ESZ, a->esz);
+ desc = FIELD_DP32(desc, PREDDESC, DATA, high_odd);
t_desc = tcg_const_i32(desc);
fn(t_d, t_n, t_desc);
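Review bot: the deleted comment was the only place that explained why these helpers need the exact predicate size rather than a rounded-up one (ZIP2 and REV), and the new code still deposits vsz unrounded. Keep a one-line comment at the `FIELD_DP32(desc, PREDDESC, OPRSZ, vsz)` line saying that is deliberate.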


@ -0,0 +1,91 @@
From: Richard Henderson <richard.henderson@linaro.org>
Date: Tue, 12 Jan 2021 20:26:49 -1000
Subject: target/arm: Update ZIP, UZP, TRN for pred_desc
Git-commit: f9b0fcceccfc05cde62ff7577fbf2bc13b842414
Update all users of do_perm_pred3 for the new
predicate descriptor field definitions.
Cc: qemu-stable@nongnu.org
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210113062650.593824-4-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
target/arm/sve_helper.c | 18 +++++++++---------
target/arm/translate-sve.c | 12 ++++--------
2 files changed, 13 insertions(+), 17 deletions(-)
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index ff01851bf288009ec3e7585b8e03..7eec4b6b73a273ecaf2fc218d8d4 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -1868,9 +1868,9 @@ static uint64_t compress_bits(uint64_t x, int n)
void HELPER(sve_zip_p)(void *vd, void *vn, void *vm, uint32_t pred_desc)
{
- intptr_t oprsz = extract32(pred_desc, 0, SIMD_OPRSZ_BITS) + 2;
- int esz = extract32(pred_desc, SIMD_DATA_SHIFT, 2);
- intptr_t high = extract32(pred_desc, SIMD_DATA_SHIFT + 2, 1);
+ intptr_t oprsz = FIELD_EX32(pred_desc, PREDDESC, OPRSZ);
+ int esz = FIELD_EX32(pred_desc, PREDDESC, ESZ);
+ intptr_t high = FIELD_EX32(pred_desc, PREDDESC, DATA);
uint64_t *d = vd;
intptr_t i;
@@ -1929,9 +1929,9 @@ void HELPER(sve_zip_p)(void *vd, void *vn, void *vm, uint32_t pred_desc)
void HELPER(sve_uzp_p)(void *vd, void *vn, void *vm, uint32_t pred_desc)
{
- intptr_t oprsz = extract32(pred_desc, 0, SIMD_OPRSZ_BITS) + 2;
- int esz = extract32(pred_desc, SIMD_DATA_SHIFT, 2);
- int odd = extract32(pred_desc, SIMD_DATA_SHIFT + 2, 1) << esz;
+ intptr_t oprsz = FIELD_EX32(pred_desc, PREDDESC, OPRSZ);
+ int esz = FIELD_EX32(pred_desc, PREDDESC, ESZ);
+ int odd = FIELD_EX32(pred_desc, PREDDESC, DATA) << esz;
uint64_t *d = vd, *n = vn, *m = vm;
uint64_t l, h;
intptr_t i;
@@ -1986,9 +1986,9 @@ void HELPER(sve_uzp_p)(void *vd, void *vn, void *vm, uint32_t pred_desc)
void HELPER(sve_trn_p)(void *vd, void *vn, void *vm, uint32_t pred_desc)
{
- intptr_t oprsz = extract32(pred_desc, 0, SIMD_OPRSZ_BITS) + 2;
- uintptr_t esz = extract32(pred_desc, SIMD_DATA_SHIFT, 2);
- bool odd = extract32(pred_desc, SIMD_DATA_SHIFT + 2, 1);
+ intptr_t oprsz = FIELD_EX32(pred_desc, PREDDESC, OPRSZ);
+ int esz = FIELD_EX32(pred_desc, PREDDESC, ESZ);
+ int odd = FIELD_EX32(pred_desc, PREDDESC, DATA);
uint64_t *d = vd, *n = vn, *m = vm;
uint64_t mask;
int shr, shl;
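Review bot: in sve_trn_p `odd` changes from bool to int and `esz` from uintptr_t to int, so `odd` is no longer normalised to 0 or 1 on read and carries whatever is in the 24-bit DATA field. The value is correct only because do_perm_pred3() deposits a bool; keep `bool odd` here, or mask to one bit, so the helper does not depend on that.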
diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index efcb646f729b1dbe4f7989e2fb9d..0baca176a090001de915a7866af4 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -2110,19 +2110,15 @@ static bool do_perm_pred3(DisasContext *s, arg_rrr_esz *a, bool high_odd,
unsigned vsz = pred_full_reg_size(s);
- /* Predicate sizes may be smaller and cannot use simd_desc.
- We cannot round up, as we do elsewhere, because we need
- the exact size for ZIP2 and REV. We retain the style for
- the other helpers for consistency. */
TCGv_ptr t_d = tcg_temp_new_ptr();
TCGv_ptr t_n = tcg_temp_new_ptr();
TCGv_ptr t_m = tcg_temp_new_ptr();
TCGv_i32 t_desc;
- int desc;
+ uint32_t desc = 0;
- desc = vsz - 2;
- desc = deposit32(desc, SIMD_DATA_SHIFT, 2, a->esz);
- desc = deposit32(desc, SIMD_DATA_SHIFT + 2, 2, high_odd);
+ desc = FIELD_DP32(desc, PREDDESC, OPRSZ, vsz);
+ desc = FIELD_DP32(desc, PREDDESC, ESZ, a->esz);
+ desc = FIELD_DP32(desc, PREDDESC, DATA, high_odd);
tcg_gen_addi_ptr(t_d, cpu_env, pred_full_reg_offset(s, a->rd));
tcg_gen_addi_ptr(t_n, cpu_env, pred_full_reg_offset(s, a->rn));


@ -0,0 +1,123 @@
From: Richard Henderson <richard.henderson@linaro.org>
Date: Tue, 15 Dec 2020 11:47:59 -0600
Subject: tcg: Use memset for large vector byte replication
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 6d3ef04893bdea3e7aa08be3cce5141902836a31
In f47db80cc07, we handled odd-sized tail clearing for
the case of hosts that have vector operations, but did
not handle the case of hosts that do not have vector ops.
This was ok until e2e7168a214b, which changed the encoding
of simd_desc such that the odd sizes are impossible.
Add memset as a tcg helper, and use that for all out-of-line
byte stores to vectors. This includes, but is not limited to,
the tail clearing operation in question.
Cc: qemu-stable@nongnu.org
Buglink: https://bugs.launchpad.net/bugs/1907817
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
accel/tcg/tcg-runtime.h | 11 +++++++++++
include/exec/helper-proto.h | 4 ++++
tcg/tcg-op-gvec.c | 32 ++++++++++++++++++++++++++++++++
3 files changed, 47 insertions(+)
diff --git a/accel/tcg/tcg-runtime.h b/accel/tcg/tcg-runtime.h
index 4eda24e63af46de4873822cdabf5..2e36d6eb0c66393ffa3656e88401 100644
--- a/accel/tcg/tcg-runtime.h
+++ b/accel/tcg/tcg-runtime.h
@@ -28,6 +28,17 @@ DEF_HELPER_FLAGS_1(lookup_tb_ptr, TCG_CALL_NO_WG_SE, ptr, env)
DEF_HELPER_FLAGS_1(exit_atomic, TCG_CALL_NO_WG, noreturn, env)
+#ifndef IN_HELPER_PROTO
+/*
+ * Pass calls to memset directly to libc, without a thunk in qemu.
+ * Do not re-declare memset, especially since we fudge the type here;
+ * we assume sizeof(void *) == sizeof(size_t), which is true for
+ * all supported hosts.
+ */
+#define helper_memset memset
+DEF_HELPER_FLAGS_3(memset, TCG_CALL_NO_RWG, ptr, ptr, int, ptr)
+#endif /* IN_HELPER_PROTO */
+
#ifdef CONFIG_SOFTMMU
DEF_HELPER_FLAGS_5(atomic_cmpxchgb, TCG_CALL_NO_WG,
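Review bot: the comment states the assumption sizeof(void *) == sizeof(size_t) that lets `DEF_HELPER_FLAGS_3(memset, TCG_CALL_NO_RWG, ptr, ptr, int, ptr)` line up with libc's memset, but nothing enforces it. A QEMU_BUILD_BUG_ON(sizeof(void *) != sizeof(size_t)) somewhere that is compiled once would turn a silent ABI mismatch on an unusual host into a build failure.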
diff --git a/include/exec/helper-proto.h b/include/exec/helper-proto.h
index a0a8d9aa46f02eaeec1ffdd6a547..659f9298e8fe2935cd3ea9931d44 100644
--- a/include/exec/helper-proto.h
+++ b/include/exec/helper-proto.h
@@ -35,11 +35,15 @@ dh_ctype(ret) HELPER(name) (dh_ctype(t1), dh_ctype(t2), dh_ctype(t3), \
dh_ctype(t4), dh_ctype(t5), dh_ctype(t6), \
dh_ctype(t7));
+#define IN_HELPER_PROTO
+
#include "helper.h"
#include "trace/generated-helpers.h"
#include "tcg-runtime.h"
#include "plugin-helpers.h"
+#undef IN_HELPER_PROTO
+
#undef DEF_HELPER_FLAGS_0
#undef DEF_HELPER_FLAGS_1
#undef DEF_HELPER_FLAGS_2
diff --git a/tcg/tcg-op-gvec.c b/tcg/tcg-op-gvec.c
index ddbe06b71a81fad997c6348b68d9..1a41dfa90871740669799867f34d 100644
--- a/tcg/tcg-op-gvec.c
+++ b/tcg/tcg-op-gvec.c
@@ -547,6 +547,9 @@ static void do_dup(unsigned vece, uint32_t dofs, uint32_t oprsz,
in_c = dup_const(vece, in_c);
if (in_c == 0) {
oprsz = maxsz;
+ vece = MO_8;
+ } else if (in_c == dup_const(MO_8, in_c)) {
+ vece = MO_8;
}
}
@@ -628,6 +631,35 @@ static void do_dup(unsigned vece, uint32_t dofs, uint32_t oprsz,
/* Otherwise implement out of line. */
t_ptr = tcg_temp_new_ptr();
tcg_gen_addi_ptr(t_ptr, cpu_env, dofs);
+
+ /*
+ * This may be expand_clr for the tail of an operation, e.g.
+ * oprsz == 8 && maxsz == 64. The size of the clear is misaligned
+ * wrt simd_desc and will assert. Simply pass all replicated byte
+ * stores through to memset.
+ */
+ if (oprsz == maxsz && vece == MO_8) {
+ TCGv_ptr t_size = tcg_const_ptr(oprsz);
+ TCGv_i32 t_val;
+
+ if (in_32) {
+ t_val = in_32;
+ } else if (in_64) {
+ t_val = tcg_temp_new_i32();
+ tcg_gen_extrl_i64_i32(t_val, in_64);
+ } else {
+ t_val = tcg_const_i32(in_c);
+ }
+ gen_helper_memset(t_ptr, t_ptr, t_val, t_size);
+
+ if (!in_32) {
+ tcg_temp_free_i32(t_val);
+ }
+ tcg_temp_free_ptr(t_size);
+ tcg_temp_free_ptr(t_ptr);
+ return;
+ }
+
t_desc = tcg_const_i32(simd_desc(oprsz, maxsz, 0));
if (vece == MO_64) {
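Review bot: the comment's example, oprsz == 8 && maxsz == 64, does not satisfy the guard right below it, `oprsz == maxsz && vece == MO_8`, which leaves it unclear which sizes actually reach this branch. Reword the comment in terms of the values do_dup() sees for the tail clear, and note that memset uses only the low byte of t_val, which is why the in_64 path can truncate with tcg_gen_extrl_i64_i32().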


@ -84,7 +84,7 @@ index 34045ea3cfeb5e30acac17ae8a10..b5cec71dd9a718055d9264e51946 100755
echo
echo "== Detecting -U and force-share conflicts =="
diff --git a/tests/qemu-iotests/153.out b/tests/qemu-iotests/153.out
index fcaa71aeeebd855d684d8056410f..8fbc7413e716462a4f196c39db5e 100644
index ff8e55864a53501197bb4a66bf99..4e9c4607bdb3d46c24bad9e80f64 100644
--- a/tests/qemu-iotests/153.out
+++ b/tests/qemu-iotests/153.out
@@ -424,6 +424,8 @@ Is another process using the image [TEST_DIR/t.qcow2]?
@ -94,9 +94,9 @@ index fcaa71aeeebd855d684d8056410f..8fbc7413e716462a4f196c39db5e 100644
+{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "SHUTDOWN", "data": {"guest": false, "reason": "host-qmp-quit"}}
+{"return": {}}
Adding drive
{ 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'drive_add 0 if=none,id=d0,file=TEST_DIR/t.IMGFMT' } }
{"return": "OKrn"}
@@ -457,6 +459,8 @@ Closing the other
{ 'execute': 'human-monitor-command',
'arguments': { 'command-line': 'drive_add 0 if=none,id=d0,file=TEST_DIR/t.IMGFMT' } }
@@ -463,6 +465,8 @@ Closing the other
{"return": ""}
_qemu_io_wrapper TEST_DIR/t.qcow2 -c write 0 512


@ -13,7 +13,7 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/qemu-iotests/common.qemu b/tests/qemu-iotests/common.qemu
index de680cf1c7c92e50b82aa2bc0262..4f2557cc568beed038223af7660b 100644
index ef105dfc393e96c6ef2f34c1466d..3ecff3edfa7569d49ec7d81c2195 100644
--- a/tests/qemu-iotests/common.qemu
+++ b/tests/qemu-iotests/common.qemu
@@ -76,7 +76,7 @@ _timed_wait_for()


@ -0,0 +1,38 @@
From: Peng Liang <liangpeng10@huawei.com>
Date: Mon, 16 Nov 2020 22:13:38 +0800
Subject: ui/vnc: Add missing lock for send_color_map
Git-commit: 947191b4312a547621566d77d7b922d9e13bb63d
vnc_write() should be locked after the RFB protocol is initialized.
Fixes: 0c426e4534b4 ("vnc: Add support for color map")
Cc: qemu-stable@nongnu.org
Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Peng Liang <liangpeng10@huawei.com>
Message-id: 20201116141338.148911-1-liangpeng10@huawei.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
ui/vnc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/ui/vnc.c b/ui/vnc.c
index 49235056f7a893f5f7c86500afbc..ca3fc376aeb547681e5a26a480b6 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -2156,6 +2156,7 @@ static void send_color_map(VncState *vs)
{
int i;
+ vnc_lock_output(vs);
vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES);
vnc_write_u8(vs, 0); /* padding */
vnc_write_u16(vs, 0); /* first color */
@@ -2168,6 +2169,7 @@ static void send_color_map(VncState *vs)
vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits)));
vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits)));
}
+ vnc_unlock_output(vs);
}
static void set_pixel_format(VncState *vs, int bits_per_pixel,
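Review bot: nothing in these two hunks shows whether a caller of send_color_map() can already hold the output lock when the new vnc_lock_output(vs) runs at the top of the function. The lock and unlock are balanced, since the visible loop has no early exit, but confirm the call path into send_color_map() is unlocked; if the output lock is not recursive, taking it twice would hang the calling thread.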


@ -159,10 +159,10 @@ bundle2local() {
rm -rf $BUNDLE_DIR
mkdir -p $BUNDLE_DIR
tar xJf bundles.tar.xz -C $BUNDLE_DIR
BUNDLE_FILES=$(find $BUNDLE_DIR -printf "%P\n"|grep "bundle$")
ID_FILES=$(find $BUNDLE_DIR -printf "%P\n"|grep "id$")
for entry in ${BUNDLE_FILES[@]}; do
if [[ $entry =~ ^(.*)[/]*([a-f0-9]{40})[.]bundle$ ]]; then
for entry in ${ID_FILES[@]}; do
if [[ $entry =~ ^(.*)[/]*([a-f0-9]{40})[.]id$ ]]; then
SUBDIR=${BASH_REMATCH[1]}
GITREPO_COMMIT_ISH=${BASH_REMATCH[2]}
else
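Review bot: in the `.id` match, `^(.*)[/]*([a-f0-9]{40})[.]id$`, the greedy `(.*)` takes any trailing slash into SUBDIR, so `[/]*` never matches anything and SUBDIR ends in `/` for nested entries (the same pattern is carried over from the `.bundle` version). The later `$BUNDLE_DIR/$SUBDIR/$GITREPO_COMMIT_ISH.bundle` path still resolves with the doubled slash, but it would be cleaner to match `^((.*)/)?([a-f0-9]{40})[.]id$` and read the subdirectory from the inner group. `$BUNDLE_DIR` should also be quoted in the `rm -rf` and `tar` lines.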
@ -175,20 +175,29 @@ for entry in ${BUNDLE_FILES[@]}; do
break
fi
done
if [[ "$i" = "REPO_COUNT" ]]; then
echo "ERROR! BUNDLE SUBPROJECT NOT MENTIONED IN config.sh! Fix!"
exit
fi
LOCAL_REPO=$(readlink -f ${LOCAL_REPO_MAP[$PATCH_RANGE_INDEX]})
if [ -e $LOCAL_REPO ]; then
git -C $LOCAL_REPO remote remove bundlerepo || true
# git won't let you delete a branch we're on - so get onto master temporarily (TODO: is there a better approach?)
# git won't let you delete a branch we're on - so get onto master temporarily (TODO: is there a better approach?)
git -C $LOCAL_REPO checkout master -f
git -C $LOCAL_REPO branch -D frombundle || true
git -C $LOCAL_REPO remote add bundlerepo $BUNDLE_DIR/$entry
git -C $LOCAL_REPO fetch bundlerepo FETCH_HEAD
git -C $LOCAL_REPO branch frombundle FETCH_HEAD
git -C $LOCAL_REPO remote remove bundlerepo
if [ -e $BUNDLE_DIR/$SUBDIR/$GITREPO_COMMIT_ISH.bundle ]; then
git -C $LOCAL_REPO remote add bundlerepo $BUNDLE_DIR/$SUBDIR/$GITREPO_COMMIT_ISH.bundle
git -C $LOCAL_REPO fetch bundlerepo FETCH_HEAD
git -C $LOCAL_REPO branch frombundle FETCH_HEAD
git -C $LOCAL_REPO remote remove bundlerepo
fi
else
echo "No local repo $LOCAL_REPO corresponding to archived git bundle!"
exit
if [ -e $BUNDLE_DIR/$SUBDIR/$GITREPO_COMMIT_ISH.bundle ]; then
# TODO: We should be able to handle this case with some more coding, but for now...
echo "No local repo $LOCAL_REPO available to process git bundle! Please create one"
exit
fi
fi
done
rm -rf $BUNDLE_DIR
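Review bot: the error branches in this hunk end in a bare `exit`, which returns the status of the preceding echo, so the script exits 0 right after printing "ERROR! BUNDLE SUBPROJECT NOT MENTIONED IN config.sh! Fix!" or "No local repo ... Please create one"; use `exit 1` so a caller can detect the failure. Separately, `[[ "$i" = "REPO_COUNT" ]]` compares against the literal string REPO_COUNT; unless $i can actually hold that string the check never fires, and if the loop bound was meant it should read "$REPO_COUNT". The `[ -e ... ]` tests and the `git -C $LOCAL_REPO ...` calls also use unquoted paths derived from archive contents and would be safer quoted.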
@ -265,7 +274,7 @@ COMMIT_IDS_BY_SUBMODULE_PATH[SUPERPROJECT]=$NEW_COMMIT_ISH_FULL
# MOVE BUNDLE COMMITS OVER TO LOCAL frombundle BRANCH
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
bundle2local
bundle2local
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# REBASE frombundle patches USING COMMIT_IDS_BY_SUBMODULE, ALSO USING OLD ID'S STORED IN OLD BUNDLE
@ -282,7 +291,7 @@ for (( i=0; i <$REPO_COUNT; i++ )); do
if [[ $GITREPO_COMMIT_ISH =~ .*(.{40})[.]id ]]; then
GITREPO_COMMIT_ISH=${BASH_REMATCH[1]}
fi
git -C ${LOCAL_REPO_MAP[$i]} checkout frombundle -f
git -C ${LOCAL_REPO_MAP[$i]} checkout -f frombundle
git -C ${LOCAL_REPO_MAP[$i]} branch -D $GIT_BRANCH
git -C ${LOCAL_REPO_MAP[$i]} checkout -b $GIT_BRANCH
if [[ "$SUBDIR" = "" ]]; then
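Review bot: `git -C ${LOCAL_REPO_MAP[$i]} checkout -f frombundle` has no error check, and bundle2local now deletes frombundle and recreates it only when a matching .bundle file exists, so for a repo that has just an .id file the branch can be absent here. If the checkout fails, the following `branch -D $GIT_BRANCH` and `checkout -b $GIT_BRANCH` still run on whatever branch is current (master, going by bundle2local), which silently rebuilds $GIT_BRANCH from the wrong base. Either guard this block on the branch existing or stop on a failed checkout.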
@ -309,9 +318,9 @@ rm -rf $CMP_DIR
rm -rf $BUNDLE_DIR
mkdir -p $BUNDLE_DIR
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# NOW PROCESS BUNDLES INTO COMMITS AND FILL SPEC FILE
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# CONVERT BUNDLES INTO COMMITS AND FILL SPEC FILE
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
tar xJf bundles.tar.xz -C $BUNDLE_DIR
BUNDLE_FILES=$(find $BUNDLE_DIR -printf "%P\n"|grep "bundle$")
@ -739,7 +748,7 @@ if [ "$GIT_UPSTREAM_COMMIT_ISH" = "LATEST" ]; then
echo "be lost. Then run script again without the continue option"
exit
fi
redo_tarball_and_rebase_patches &> /tmp/latest.log
redo_tarball_and_rebase_patches &> /tmp/latest.log # This includes a bundle2local
if [[ "$REBASE_FAILS" ]]; then
echo "ERROR! Rebase of the $GIT_BRANCH branch failed in the following local git repos:"
echo $REBASE_FAILS
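Review bot: the line touched here still redirects to the fixed path /tmp/latest.log. On a shared machine that name is predictable, so another user can pre-create or symlink it, and two concurrent runs overwrite each other's log. A file from mktemp or a log kept in the package working directory would avoid both problems. The added comment itself is fine.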

View File

@ -0,0 +1,63 @@
From: Stefano Garzarella <sgarzare@redhat.com>
Date: Fri, 8 Jan 2021 18:12:52 +0100
Subject: virtio: move 'use-disabled-flag' property to hw_compat_4_2
Git-commit: c126b4c57e0164549de606ca35d1512762051083
Commit 9d7bd0826f introduced a new 'use-disabled-flag' property
set to true by default.
To allow the migration, we set this property to false in the hw_compat,
but in the wrong place (hw_compat_4_1).
Since commit 9d7bd0826f was released with QEMU 5.0, we move
'use-disabled-flag' property to hw_compat_4_2, so 4.2 machine types
will have the pre-patch behavior and the migration can work.
The issue was discovered with vhost-vsock device and 4.2 machine
type without running any kernel in the VM:
$ qemu-4.2 -M pc-q35-4.2,accel=kvm \
-device vhost-vsock-pci,guest-cid=4 \
-monitor stdio -incoming tcp:0:3333
$ qemu-5.2 -M pc-q35-4.2,accel=kvm \
-device vhost-vsock-pci,guest-cid=3 \
-monitor stdio
(qemu) migrate -d tcp:0:3333
# qemu-4.2 output
qemu-system-x86_64: Failed to load virtio-vhost_vsock:virtio
qemu-system-x86_64: error while loading state for instance 0x0 of device '0000:00:03.0/virtio-vhost_vsock'
qemu-system-x86_64: load of migration failed: No such file or directory
Reported-by: Jing Zhao <jinzhao@redhat.com>
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1907255
Fixes: 9d7bd0826f ("virtio-pci: disable vring processing when bus-mastering is disabled")
Cc: mdroth@linux.vnet.ibm.com
CC: qemu-stable@nongnu.org
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Message-Id: <20210108171252.209502-1-sgarzare@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/core/machine.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/core/machine.c b/hw/core/machine.c
index d0408049b53c795d095ca7ec8c28..9e83400ecbfdd1c8ab20a54ff39c 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -62,12 +62,12 @@ GlobalProperty hw_compat_4_2[] = {
{ "qxl", "revision", "4" },
{ "qxl-vga", "revision", "4" },
{ "fw_cfg", "acpi-mr-restore", "false" },
+ { "virtio-device", "use-disabled-flag", "false" },
};
const size_t hw_compat_4_2_len = G_N_ELEMENTS(hw_compat_4_2);
GlobalProperty hw_compat_4_1[] = {
{ "virtio-pci", "x-pcie-flr-init", "off" },
- { "virtio-device", "use-disabled-flag", "false" },
};
const size_t hw_compat_4_1_len = G_N_ELEMENTS(hw_compat_4_1);
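Review bot: dropping the entry from hw_compat_4_1[] is only correct if 4.1 and older machine types also apply hw_compat_4_2[]; that chaining is not visible in this hunk and the commit message speaks only of 4.2 machine types, so a sentence confirming it would help. The message also says the property defaulted to true in releases from QEMU 5.0 on, which means a 4.2 machine type guest on an unpatched 5.x build ran with true while a patched build uses false. It is worth stating whether migration between unpatched and patched builds with a 4.2 machine type is expected to work.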

View File

@ -15,7 +15,7 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 3 insertions(+)
diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c
index 1a379e8771faee970808dd2efd89..310b9639e06b0d543f22652fadd9 100644
index 5f96036c98cc2eada06186ff181c..903633e028266d6c7e73239672b0 100644
--- a/hw/block/xen-block.c
+++ b/hw/block/xen-block.c
@@ -270,6 +270,9 @@ static void xen_block_realize(XenDevice *xendev, Error **errp)

View File

@ -18,7 +18,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
1 file changed, 12 insertions(+)
diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c
index 8a7a3f54523ed050587c3e2047de..1a379e8771faee970808dd2efd89 100644
index 20b23c699bc1cb4cd796bf352c45..5f96036c98cc2eada06186ff181c 100644
--- a/hw/block/xen-block.c
+++ b/hw/block/xen-block.c
@@ -729,6 +729,8 @@ static XenBlockDrive *xen_block_drive_create(const char *id,